Max Locatelli, Regional Director Western Europe at Infoblox
Financial Services (FS) firms have traditionally faced a host of different obstacles when it comes to protecting their users’ data from cybercriminals. With a growing number of regional regulation requirements and laws as well as general security and compliance concerns, the landscape is growing increasingly complex each year. Add to this the many layers of sensitive and financial information that they regularly handle and it’s easy to see why FS organisations have become one of the most high-value targets for those looking to make a quick profit. This was only exacerbated when the pandemic broke out last year.
As office closures took hold and the majority of operations became virtual, many FS organisations were forced to embrace digital transformation at a rapid pace in order to continue to deliver their services and try to achieve some level of “business-as-usual.” As a result, the digital attack surface these organisations had to defend expanded significantly. Individuals moving from centralised locations — i.e. the office — to the edge of the network, brought greater risk and many FS organisations found themselves vulnerable. Meanwhile, innovative cybercriminals were able to adapt rapidly and take advantage of the chaos to launch multiple attacks. In fact, a recent cybersecurity report from Infoblox — released in May 2021 — found that over half of all FS firms (54%) were hit by data breaches during a 12-month period, while nearly half (49%) encountered cloud-based malware attacks.
With hackers getting more sophisticated and a new wave of cyberattacks just around the corner, FS organisations need to act today. If they fail to adapt to the landscape and adopt a proactive approach to cybersecurity, the consequences could be severe.
A costly business
For FS organisations, a single data breach can have far reaching consequences. Depending on the severity of the attack, and how much and what type of data is impacted, some might never fully bounce back.
For example, one of the biggest data breaches in recent history involved US-based credit rating agency Equifax. In 2017, due to flaws in the company’s systems, 145 million people’s personal records were compromised by hackers. The breach was sizable but what really made it so alarming was the sensitive nature of the breached data, which ranged from full names and addresses to credit card information. Equifax has now revealed that costs relating to the incident, as well as expenditure on IT and data security, have reached at least $1.35 billion, excluding legal fees for lawsuits.
Equifax is far from being the only company to face severe financial repercussions following a breach. In fact, Infoblox’s report discovered that FS firms that experienced a data breach reported an estimated average loss of roughly $4.2 million. Of course, this goes up if we take into account the unplanned network outages that often follow a successful cyberattack.
Financial repercussions are the top impact of network outage attacks, with 60% of FS organisations agreeing. However, it’s not just the initial cost that victims need to worry about. Almost half (45%) of respondents also highlighted the reputational damage caused by a breach. This can have a long-term impact, both on retaining current customers and the ability to win new ones. In today’s ultra-connected, competitive landscape, it ultimately could be the difference between a business thriving and failing.
A new threat landscape calls for a new security approach
With recent research discovering that one in four UK FS workers would like to work fully remotely post-pandemic and the vast majority (69%) in favour of a hybrid model, the digital landscape is only becoming more complex. Network architecture will no longer be centralised on a physical campus, with a core data center into which users connect. This requires security practices to adapt to a cloud-first environment. It’s far from surprising that PwC recently discovered that 70% of firms are planning to invest more in cybersecurity over the next 12 months.
In order to make these investments count and defend against the latest and most sophisticated threats, FS organisations must set strong IT foundations for defending the expanded enterprise. One way to achieve this is to use cloud-managed DDI to simplify and scale connectivity across all corporate devices wherever they sit. This integration of Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP) and IP address management (IPAM) into a unified service is designed with the modern borderless enterprise in mind, to eliminate the management complexities of backhauling traffic through the traditional branch office.
DDI provides visibility into the activities of each connected device — giving networking teams deeper insight into potentially suspicious activities. 90% of malware touches DNS — the first D in DDI — when entering or leaving the network, making DNS a critical detection tool that, when connected to the security stack, can enable stronger threat remediation for FS businesses. Additionally, DDI includes a software-defined perimeter that supports network identity and context for policy rules and their enforcement in security orchestration, automation and response (SOAR); security information and event management (SIEM); cloud access security brokers (CASBs); zero trust; next-generation firewalls and more. Ultimately, DDI enables FS firms to boost control and quickly detect and fix any vulnerabilities, no matter where they originate or where users are based. It could be an invaluable tool in our new hybrid landscape.
Whilst every single organisation operating in the world today is a potential victim of cybercrime, FS firms are a particularly obvious target. In order to avoid the potentially devastating cyberattacks of tomorrow, action needs to be taken today. Cybersecurity today needs a proactive approach that stretches across the extended infrastructure and protects users no matter where they are located. It is only then that FS organisations can truly say that they are adequately prepared for whatever security threat is around the corner.
How bug bounty programs can help financial institutions be more secure
Rodolphe Harand, Managing Director at YesWeHack
Financial services have been one of the most heavily targeted industries by cybercriminals for several years. One alarming stat from the Boston Consulting Group found these firms to be 300x as likely as other companies to be targeted by cyberattacks.
Furthermore, the pandemic has led to a significant increase in the number of cyberattacks targeting financial institutions (FIs), with around 74% experiencing a spike in threats linked to COVID-19.
With FIs holding some of the largest collections of sensitive and private data, it’s clear they will remain an attractive target for malicious actors, especially as any data stolen can be used for fraudulent activities. This leads to the reputational damage of the financial entity that was compromised and has a knock-on effect in terms of monetary and reputational damage to affected customers.
For CISOs at FIs, the conundrum faced is how do you protect intellectual and customer data, and ensure accountability and transparency for clients and stakeholders, at a time when the pandemic has created budget constraints. Research from BAE Systems found that last year alone, IT security, cybercrime as well as fraud and risk departments had their budgets cut by a third.
Below we look at how bug bounty programs can help to address these pressing issues.
Protecting valuable data
Protecting customer and intellectual data has always been a top priority for FIs. However, as opportunistic cybercriminals have a lot to gain by stealing this valuable data, there is a constant evolution of threats, which means FIs must stay on their toes. By deploying a bug bounty program, FIs can work with ethical hackers that have a wealth of experience and unique skills when it comes to identifying security weaknesses within a FI’s defence, thus helping to implement effective security measures to help prevent data breaches.
Building trust among various stakeholders such as customers, suppliers and investors is critical for achieving business goals. By deploying a bug bounty program, FIs send out a message that they care about protecting the security of the data of those they work with – which in turn can have a cascading effect resulting in better business performance.
For FIs to win customers and keep them happy, amidst the growing threat of neo banks and customer-centric fintech organisations, speed of innovation is crucial. As such, many FIs have adopted an agile approach to build, test, and release software faster to bring online and mobile banking solutions to market quicker. However, this can create frictions between development and security teams. Security mandates are deemed to be unnecessarily intrusive and a cause of delayed application development and deployment.
Yet, with DevOps teams needing to build and deploy applications faster than ever before, an epidemic of insecure applications has emerged. According to Osterman Research, 81% of developers admit to knowingly releasing vulnerable applications, while research from WhiteSource found 73% of developers are forced to cut corners and sacrifice security over speed.
With developers often not having the time, tools, skills, or motivation to write impeccably secure code, there is an evident need to provide developers with more support when it comes to building applications securely. Fortunately, bug bounty programs can provide a “fact-based” financial implication of inherent security flaws within the process. This makes it possible to hold development teams and service providers accountable for creating or delivering insecure products, thus addressing inherent security gaps within the business units and helping to drive continuous improvement.
Moreover, security awareness and education of development teams can be improved significantly for those developers that are directly involved with the management of vulnerability reports for their bug bounty programs. This is because the mere fact of exchanging information with ethical hackers, or assimilating the thinking of a potential hacker and having proofs of concept of vulnerability exploitation on their application components, naturally accelerates consideration of security early in the development stage and provides ongoing learning.
Get more return on your investment
According to Gartner, 30% of CISOs’ effectiveness will be directly measured on their ability to create value for the business. When security budgets are challenged, CISOs need to demonstrate business value through initiatives designed to enhance efficiency whilst stretching the dollar.
This is where bug bounties can help tremendously. Compared to conventional penetration testing, bug bounty offers a fast, complete, and measurable return on your security investment, with businesses only paying out for successful discovery of vulnerabilities. Equally, businesses get access to hundreds of ethical hackers that can test their programs, each with their own unique skillsets as opposed to only one skilled researcher testing the network. This results-driven model ensures you pay for the vulnerabilities that pose a threat to your organisation and not for the time or effort it took to find them.
Bug bounty programs also deliver rapid vulnerability discovery across multiple attack surfaces. With this approach, organisations receive prioritised vulnerabilities and real-time remediation advice throughout the process to accelerate the discovery of, and solution to, vulnerabilities.
Another appeal of bug bounties is that due to the continuous nature of testing, more vulnerabilities are found over time as opposed to pen-testing. This is key to financial institutions that require agility to keep up with the continuous roll-out and updates of applications.
The cornerstone to a successful security programme
The risk posed to financial institutions by cyber threats will only continue, as evidenced by the number of data breaches seen in recent times. The COVID-19 pandemic has only exacerbated these risks, especially with almost all FIs having needed to shift to a remote working environment – which has only widened the attack landscape.
For FIs, a bug bounty program should be considered a fundamental cornerstone of any security strategy, with it being a modern-day cybersecurity solution that is well-equipped to tackle the immediate security challenges they face. In doing so, FIs will not only prove to customers and stakeholders their commitment to data protection and security, but this will also help them to avoid the monetary damages that could be imposed by regulators if a breach was to take place.
Five predictions set to impact the finance teams in 2022
By Rob Israch, GM Europe at Tipalti
The CFO now has a very different set of responsibilities in comparison to a few years ago; 2021 saw sustainability move up the C-suite agenda, Brexit was officially pushed through meaning new rules and regulations for industries, and pandemic uncertainty caused further disruption for businesses. Understandably then, 97% of UK CFOs believe their role has become more complex over the last two years, according to the latest research by Tipalti. Finance leaders, who were already rushed off their feet, are now having to wear even more hats.
Operating in a new climate, with new challenges and circumstances, finance teams must be ready to innovate to find new solutions to changing business needs. From becoming more attuned to ESG ratings to fighting against the burden of manual processes and tasks, below we explore what finance teams can expect to experience in 2022.
- A tightening of CEO-CFO relationship
As opposed to solely managing financial operations and ensuring compliance, the CFO’s relationship with the CEO will intensify in 2022. This shift will see the CFO become increasingly involved in looking at the strategic ways the business can grow and diversify.
Nearly two-fifths (39%) of CFOs have noted a larger demand to collaborate with the c-suite now than two years ago. However, organisations are still slowed down by old ways of working, as nearly a third (29%) of CFOs state they are having to deal with more manual finance operations. As a result, CFOs aren’t afforded time to support the business leader in the way that their job requires.
By innovating financial processes through automation, finance teams can free up time for the strategic tasks that matter most to the business. In fact, UK CEOs believe that the ability to prioritise innovation (25%) and the ability to improve financial and business reporting accuracy and timeliness are the most important qualities for a successful CFO today.
- Invoice payments fraud will be harder to fight
Every year, defending against fraud gets increasingly challenging. As accounts payable complexities rise, finance teams will experience payments fraud at an alarming rate.
Finance teams today are tasked with managing more diverse payment methods, increasing cross-border transactions and dynamic tax compliance and financial reporting. Yet, teams struggle to cope when operations are processed manually. The most common perpetrator of payment fraud is manual processes. They are neither efficient nor airtight enough to ensure optimum financial control. Busy finance teams, escalating complexities in AP and error-prone manual processing set the perfect scene for fraudsters to take advantage.
To mitigate such risk, companies need to leverage people, processes and technology. This means investing in robust technologies such as automation to standardise procedures. Data entry will be minimised, end-to-end payments processing visibility will be optimised and policy compliance becomes automated. Not only does AP automation relieve workflows by minimising manual intervention, but the technology acts as a hub for enforcing strong financial controls as the number of people and systems involved in payment processing is reduced substantially.
In addition, 2022 will see more multi-entity businesses emerge as organisations recognise the value of the ‘work from anywhere’ model. It can be challenging to manage finance functions across these multiple entities, and that is often why different business units in geographical locations run their finances in isolation, with varying processes and approvals being managed in different ways. However, with no central control or oversight, you run the risk of internal fraud.
- Finance leaders will need to focus on ESG initiatives
Following COP26, business leaders are under pressure to set and meet green targets, and many are turning to their CFOs for solutions. In fact, CFOs ranked incorporating environmental, social and governance (ESG) and sustainability into the business and its operations as the greatest driver of complexity in their role (27%), above even the global pandemic (22%).
A key reason for this is that ESG ratings have become an important tool for asset managers and investors to evaluate and compare future investment prospects. Currently more than a quarter (28%) of UK business leaders rank international growth as a top priority for the year ahead, so a less than favourable ESG rating is not an option. So far, the challenge for CFOs has been finding the time to work on sustainable initiatives.
- Uncertainty will continue to loom over the UK post-Brexit
It has been over five years since the UK voted for Brexit – but it will most certainly be on the agenda in 2022 as new regulations emerge. There are a number of challenges that Brexit brings, and much uncertainty still remains in place.
In navigating the uncharted waters of Brexit, businesses will encounter new hurdles when looking to fill roles, as the Global Talent Visa makes competition for skilled employees more formidable than ever before. With the visa application deadline passed, some employees may have chosen to move back home, contributing to headcount issues for finance teams.
Moreover, the UK is still yet to agree many key trade agreements. Businesses will need to stay vigilant – watching out for any changes at relatively short notice and be ready to adapt.
- Employee wellbeing will need to be prioritised
Along with many other departments, the Great Resignation period has meant finance is experiencing churn. Whilst the wellbeing of all employees will be a key focus for the c-suite this year, CFOs will need to ensure the work of the finance team is engaging and talent is not wasted on tedious and time-consuming operations. Introducing automation to take care of those manual tasks will free up time to upskill employees, while making them feel valued in their role.
The future office of finance
2022 will see finance teams adapting the way they operate to combat new challenges. With agreements signed following COP26, implementing sustainable initiatives is no longer a choice, and in the wake of Brexit uncertainty, businesses will have to face new rules and regulations head on. On top of this, the CFO will need to pivot away from solely financial operations in order to drive strategy, fight against fraud threats while prioritising the wellbeing of their team.
It’s a complex set of responsibilities and will only be achieved if finance teams are able to move away from manual administrative work and towards new technologies and automation capability. A CFO’s time is precious and needs to be reserved for the tasks that matter.